Find a Question:

Google reveals possible security vulnerabilities unpatched OS X

Jan

24

2015

Shortly after Google published zero days in Windows, the company has published details of three vulnerabilities in OS X. Apple has one of those three vulnerabilities probably not yet patched and thereby attackers exploit the leak.

Mac OS X Yosemite For the security issue might have been present in OS X Yosemite, has Google even delivered a proof of concept that it is abuse. As far as known, there is no patch for the vulnerability, but Google has the details about the leak still brought out.

As part of its project Zero campaign gives companies Google ninety days to patch discovered security problems; then be automatically published details about the leak. Previously had Microsoft strongly criticized the policy, after Google published repeatedly information about unpatched Windows vulnerabilities.

One of the other OS X leak information that Google brought out, is not to abuse in OS X Yosemite, but in earlier versions of Apple’s operating system. It is unclear whether the third leak is still abuse. Apple gives little information about security problems that it solves.

The three leaks information that Google has brought out, do not provide enough space to crack a system. They can help an attacker in conjunction with other security problems. For example, a security problem it possible to escape from a sandbox and displays the leak that is still root access in Yosemite.